> The best solution, in my opinion, is to switch to J2EE sessions, > assuming you can invest the time and effort to do that.
I'm having almost the exact same problem. My login system, had been working perfectly (CF8) until we moved everything to a new server with CF10 on it. Now, Chrome will log you out as fast as you can log in. The only exception is if I set - addtoken="yes" to the URLs. The second it hits a URL without the token, you're out. Not good. <cfapplication name="SiteADMIN" clientmanagement="yes" sessionmanagement="yes" setdomaincookies="yes" sessiontimeout="#CreateTimeSpan(0,8,00,0)#" applicationtimeout="#CreateTimeSpan(0,8,00,0)#" clientstorage="cookie" > <!--- Define that this user is logged out by default ---> <CFPARAM NAME="session.isADMIN" DEFAULT="false"> <!--- Define this user id to zero by default ---> <CFPARAM NAME="session.thisUSER" DEFAULT="0"> So considering the above - what, in theory, would be the exact consequences in switching to J2EE sessions? I don't this there would be that much code that would need to be changed. I'm simply checking that session.isADMIN is true in my application file. I admittedly don't have a super-technical understanding of exactly how things have changed between CF8 and CF10. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357881 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm